Remote Control software or services allow you to take control of a desktop or other device over the network. They enable remote support, remote administration and monitoring, and/or access to programs, data, or services (for which you've been authorized remote access) that might not otherwise be available. They also add risk:

an additional path to allow unauthorized parties access to those same programs, data, and services

an additional way JMU Protected or Highly Confidential Data may find its way to unauthorized or more vulnerable devices or storage locations

Generally speaking, once a remote control service is enabled, all that stands between an attacker and control of your device is a password. In most cases, control of your device will provide access to your all your data and accounts either directly or indirectly. This can occur through cached passwords, single sign on, or breaching your computer's security.

JMU computing standards require more stringent password controls than those enforced by many remote control services. In such cases, it is up to you to maintain passwords in accordance with JMU standards.

Paid versions of some products offer enhanced authentication options. These include using a list of one time passwords or emailed passcodes. These options reduce the risks associated with reusable passwords which often fall prey to phishing attacks, hacked servers, and viruses.

Things to consider when contemplating use of remote control software or services:

free and commercial versions, does not offer end to end encryption protection due to need to support multi-party sessions, sessions are protected from endpoints to vendor servers but traffic is unencrypted once it hits vendor servers (join.me architecture whitepaper page 6)

Microsoft Remote Desktop

Connection to server on the controlled machine requires a hole to be configured in the host firewall; for connections from off-campus to on-campus machines the SSLVPN gateway must be used

VNC

Connection to server on the controlled machine requires a hole to be configured in the host firewall; for connections from off-campus to on-campus machines the SSLVPN gateway must be used

SSH

Connection to server on the controlled machine requires a hole to be configured in the host firewall; for connections from off-campus to on-campus machines the SSLVPN gateway must be used

A special version of Microsoft Remote Desktop where a limited use, IT maintained Windows Virtual Machine is controlled rather than a physical machine. This relatively new service is currently limited to special use cases due to the costs involved. Submit questions to it-security@jmu.edu or submit a PIQ if interested in exploring applicability.

Configurations and access controls are set up according to need, risk, and efficient use of resources. Currently approved use cases require the use of the SSLVPN gateway and two-factor authentication tokens.